You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Emmanuel Lecharny (JIRA)" <ji...@apache.org> on 2019/06/28 05:44:00 UTC
[jira] [Updated] (DIRSERVER-2059) Kerberos Password Change Server
Failure
[ https://issues.apache.org/jira/browse/DIRSERVER-2059?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Lecharny updated DIRSERVER-2059:
-----------------------------------------
Component/s: kerberos
> Kerberos Password Change Server Failure
> ---------------------------------------
>
> Key: DIRSERVER-2059
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2059
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: kerberos
> Affects Versions: 2.0.0-M19
> Environment: Linux
> Reporter: Craig McLure
> Priority: Major
>
> I've been trying to get kpasswd to correctly change a users password, but it always failed, after doing some digging and debugging, I discovered the following:
> *org.apache.directory.server.kerberos.ChangePasswordConfig*
> Primary realm is never set, resulting in inheritance of default EXAMPLE.COM realm regardless of the realm configured. Adding:
> {{this.setPrimaryRealm( kdcConfig.getPrimaryRealm() );}}
> into the constructor resolved this.
> *org.apache.directory.server.kerberos.changepwd.service.ChangePasswordService*
> in {{extractPassword}} there's the following check:
> {{if( authenticator.getSeqNumber() != privatePart.getSeqNumber() )}}
> However, the Authenticator's Sequence Number is never set, resulting in this throwing a NullPointerException. Commenting out the check, admittedly unwise, allows the code to proceed normally.
> With both these changes, password changing via kpasswd is possible again.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org